diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py --- a/kallithea/lib/auth.py +++ b/kallithea/lib/auth.py @@ -626,7 +626,6 @@ class AuthUser(object): """ Serializes this login session to a cookie `dict`. """ return { 'user_id': self.user_id, - 'username': self.username, 'is_authenticated': self.is_authenticated, 'is_external_auth': self.is_external_auth, } diff --git a/kallithea/tests/__init__.py b/kallithea/tests/__init__.py --- a/kallithea/tests/__init__.py +++ b/kallithea/tests/__init__.py @@ -213,16 +213,22 @@ class TestController(BaseTestCase): self.fail('could not login using %s %s' % (username, password)) self.assertEqual(response.status, '302 Found') - ses = response.session['authuser'] - self.assertEqual(ses.get('username'), username) + self.assert_authenticated_user(response, username) + response = response.follow() - self.assertEqual(ses.get('is_authenticated'), True) - return response.session['authuser'] def _get_logged_user(self): return User.get_by_username(self._logged_username) + def assert_authenticated_user(self, response, expected_username): + cookie = response.session.get('authuser') + user = cookie and cookie.get('user_id') + user = user and User.get(user) + user = user and user.username + self.assertEqual(user, expected_username) + self.assertEqual(cookie.get('is_authenticated'), True) + def authentication_token(self): return self.app.get(url('authentication_token')).body diff --git a/kallithea/tests/functional/test_login.py b/kallithea/tests/functional/test_login.py --- a/kallithea/tests/functional/test_login.py +++ b/kallithea/tests/functional/test_login.py 
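Review bot: In `assert_authenticated_user` (kallithea/tests/__init__.py) nothing asserts that the session cookie no longer carries `username`, so a later change that re-adds the field to `AuthUser.to_cookie` would still pass every test touched here. Adding `self.assertEqual(cookie.get('username'), None)` after the `is_authenticated` check would pin that contract. The `and` chain also rebinds `user` to an id, a `User` object and a name in turn, so a missing cookie, a missing `user_id` and an unknown user all fail with the same `None != expected_username` message; a docstring such as `"""Assert that the session cookie identifies expected_username via user_id and is marked authenticated."""` and distinct local names would make failures easier to read. The same hunk drops `return response.session['authuser']` from the login helper, whose body starts outside the hunk, so any caller that used the return value now gets `None`; presumably none do, but that is worth confirming.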
@@ -31,8 +31,8 @@ class TestLoginController(TestController {'username': TEST_USER_ADMIN_LOGIN, 'password': TEST_USER_ADMIN_PASS}) self.assertEqual(response.status, '302 Found') - self.assertEqual(response.session['authuser'].get('username'), - TEST_USER_ADMIN_LOGIN) + self.assert_authenticated_user(response, TEST_USER_ADMIN_LOGIN) + response = response.follow() response.mustcontain('/%s' % HG_REPO) @@ -42,8 +42,8 @@ class TestLoginController(TestController 'password': TEST_USER_REGULAR_PASS}) self.assertEqual(response.status, '302 Found') - self.assertEqual(response.session['authuser'].get('username'), - TEST_USER_REGULAR_LOGIN) + self.assert_authenticated_user(response, TEST_USER_REGULAR_LOGIN) + response = response.follow() response.mustcontain('/%s' % HG_REPO)